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We claim: 

1 1 . A method for providing session protection for user privacy over a network, 

2 by means including at least a client and a remote server, wherein a user, us- 

3 ing a client application, may submit a request through said client for a 



4 specified action to be performed in response to said request by said remote 

5 server, said user-submitted request comprising identity information that 

6 identifies the user making the request, and action information that specifies 

7 the action requested from said remote server by said user, and wherein said 

8 communications are provided in a secure and anonymous manner in that 

9 said action information is submitted to said remote server without reveal- 

10 ing said identity information to said remote server, and in that only said 

1 1 client, and not any facility through which said action information or any re- 

12 sponse thereto passes in the course of being submitted to or received from 

13 said remote server, possesses both said identity information and said action 
u information, said system comprising (in addition to said client and remote 

15 server): 

16 (a) separating, within said client application, said identity information and 

17 said action information from the user's information request, encrypting 

18 said identity information and said action information, and sending said 

19 identity information and said action information as so encrypted to an 

20 identity server; 

21 (b) decrypting, within said first intermediate server, said encrypted identity 

22 information but not said encrypted action information, and transmitting 

23 said encrypted action information to a second intermediate server; 

24 (c) decrypting, within said second intermediate server, said action infor- 

25 mation, transmitting said decrypted action information to said remote 

26 server, receiving the remote server's response, encrypting said remote 

27 server response, and transmitting said encrypted remote server re- 

28 sponse to said first intermediate server; 

29 (d) receiving, within said first intermediate server said encrypted remote 

30 server response from said second intermediate server, associating said 

31 encrypted remote server response with said identity information and 

32 sending said encrypted remote server response to said application; and 

33 (e) decrypting, within said client application, said remote server response 

34 and forwarding said decrypted remote server response to said client for 

35 presentation to said user. 
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1 2. A method for providing private storage of data within a network, to a user 

2 operating a computer connected to said network, said computer having a 

3 client application resident therein, there being available to said user on said 

4 network a server to provide storage services, said method for providing 

5 private storage comprising: 

6 (a) generating within said client application a first encryption key and a 

7 first decryption key; 

8 (b) encrypting said data within said client using said first encryption key; 

9 (c) generating a data object identifier within said client application; 

10 (d) creating a data object that contains said data object identifier and said 

11 encrypted data; 

12 (e) sending said data object to said server; 

13 (f) storing said data object in a database under the control of said server, 

14 using said data object identifier as a locator; 

15 (g) writing said data object identifier to a user object within said client ap- 

16 plication; 

17 (h) writing said first decryption key to said user object; 

18 (i) generating within said client application a user object encryption key 

19 based on information private to said user and reproducible in future 

20 sessions by said user, in a manner such that said private information 

21 cannot practicably be derived from said user object encryption key; 

22 (j) encrypting said user object with said user object encryption key; 

23 (k) generating within said client application a user object identifier based 

24 on information private to said user and reproducible in future sessions 

25 by said user, in a manner such that said private information cannot 

26 practicably be derived from said user object identifier; 

27 (1) associating said user object identifier with said user object; 

28 (m) sending said user object and user object identifier to said server; and 

29 (n) storing said user object in said database, using said user object identi- 

30 fier as a locator. 

1 3 . A method for private retrieval over a network of data that has been stored 

2 in accordance with the method of claim 2, to the user that stored said data, 

3 said user operating a computer connected to said network, said computer 

4 having a client application resident therein, there being available to said 

5 user on said network a server to provide storage services, said method for 

6 providing private retrieval of said data comprising: 
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(a) generating within said client application user object identifier in accor- 
dance with the same method and based on the same information that 
was used to generate the user identifier by which said data had previ- 
ously been stored in accordance with claim 2; 

(b) sending said user object identifier and a request for a user object to said 
server; 

(c) if said user object identifier matches a user object identifier previously 
stored by said server, sending the requested user object to said client 
application, said requested user object comprising a data object decryp- 
tion key and a data object identifier and being encrypted with a user ob- 
ject encryption key; 

(d) generating within said client application a user object decryption key in 
accordance with the same method and based on the same information 
that was used to generate the user object encryption key in accordance 
with claim 2; 

(e) decrypting said user object using said user object decryption key; 

(f) selecting from said decrypted user object the data object identifier cor- 
responding to the encrypted data desired to be retrieved; 

(g) sending said data object identifier and a request for said encrypted data 
to said server; 

(h) within said server, retrieving said encrypted data from a database under 
the control of said server, using said data object identifier as a locator; 

(i) sending said encrypted data to said client application; 

(j) reading said data object decryption key from said decrypted user ob- 
ject; 

(k) decrypting said encrypted data with said data object decryption key; 
and 

(1) making said decrypted data available to said user. 

4. A method for providing private storage of data within a network, to a stor- 
ing user operating a computer connected to said network, wherein access 
to said data is granted by said user to an accessing user, said computer hav- 
ing a client application resident therein, there being available to said stor- 
ing user on said network a server to provide storage services, said method 
for providing private storage with access to said accessing user compris- 
ing: 

(a) said storing user identifying the data to be stored and said accessing 
user, who is to have access thereto; 
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10 (b) generating within said client application a first encryption key and a 

1 1 first decryption key; 

12 (c) encrypting said data within said client using said first encryption key; 

13 (d) generating a data object identifier within said client application; 

14 (d) generating a challenge public-private key pair for said data; 

15 (e) reading with said client application an identifier for said accessing 

16 user; 

17 (f) generating a coded user identifier from said user identifier in a manner 

18 such that said user identifier cannot practicably be deduced from said 

19 coded user identifier; 

20 (g) sending said coded user identifier to said server together with a request 

21 for the accessing user's message queue public key; 

22 (h) said server identifying the message queue public key associated with 

23 said coded user identifier and returning said message queue public key 

24 to said client application; 

25 (i) creating a message object comprising said data object identifier, said 

26 first decryption key, and said private challenge key; 

27 (j) encrypting said message object with said message queue public key; 

28 (k) sending said encrypted message object to the message queue on said 

29 server associated with said coded user identifier; 

30 (1) creating a data object comprising said data object identifier, said en- 

31 crypted data, and said public challenge key; 

32 (m)sending said data object to said server; 

33 (n) said server storing said encrypted data in a database under the control 

34 of said server, using said data object identifier as a locator and main- 

35 taining an association with said public challenge key. 

1 5 . A method for private retrieval over a network of data that has been stored 

2 in accordance with the method of claim 4, to an accessing user granted ac- 

3 cess to said data in accordance with the method of claim 4, said accessing 

4 user operating a computer connected to said network, said computer hav- 

5 ing a client application resident therein, there being available to said ac- 

6 cessing user on said network a server to provide storage services, said 

7 method for providing private retrieval of said data by said accessing user 

8 comprising: 

9 (a) accessing user providing authentication token to client application; 

10 (b) generating within said client application a user object identifier based 

1 1 on said authentication token in the same manner previously used to 
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12 




generate the user object identifier associated with said accessing user 


13 




on said server; 


14 


(c) 


sending said user object identifier and a request for a user object to said 


15 




server; 


16 


(d) 


if said user object identifier matches a user object identifier previously 


17 




stored by said second server, sending the requested user object to said 


18 




client application, said requested user object comprising a reference to 


19 




said accessing user's message queue on said server and a message 


20 




queue decryption key, 


21 


(e) 


requesting said message queue from said server; 


22 


(Q 


said server retrieving said message queue from a database under con- 


23 




trol of said server, and returning said message queue to said client ap- 


24 




plication, said message queue comprising a message object previously 


25 




inserted in said message queue in accordance with claim 4; 


26 


(g) 


reading said message queue decryption key from said user object; 


27 


00 


decrypting said message object from said message queue with said 


28 




message queue decryption key; 


29 


(i) 


reading said message object and obtaining therefrom the data object 


30 




identifier for encrypted data that had been stored under control of said 


31 




server in accordance with claim 4; 


32 


(D 


generating a challenge request and forwarding said challenge request 


33 




and said data object identifier to said server; 


34 


(k) 


said server encrypting said challenge with the public challenge key that 


35 




was associated with said data object identifier in accordance with claim 


36 




4, and returning said encrypted challenge to said client application; 


37 


0) 


reading said private challenge key from said message object; 


38 


(m) decrypting said encrypted challenge using said private challenge de- 


39 




cryption key; 


40 


w 


returning said unencrypted challenge together with said data object 


41 




identifier to said server; 


42 


(o) 


said server matching said challenge received with said challenge sent, 


43 




and retrieving a data element associated with said data object identifier; 


44 


go 


sending said data element to said client application; 


45 


(q) 


reading said first decryption key from said message object; and 


46 


(r) 


decrypting encrypted data associated with said data element. 



1 

2 



6. 



The method of claim 5, wherein said data element comprises the encrypted 
data stored in accordance with claim 4.; 
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1 7. The method of claim 5, wherein said encrypted data element comprises a 

2 handle conferring temporary approval to access one or more objects, 

3 whereby the encrypted data stored in accordance with claim 4 may be sepa- 

4 rately accessed in increments and decrypted. 

1 8. The method of storage and retrieval and access control in accordance with 

2 claim 4 and claim 5, wherein the entity identified in said claims as the ac- 

3 cessing user is a group of users defined in said second intermediate server, 

4 said group having a message queue and a challenge key, and wherein the 

5 users who were members of said group had in their user objects maintained 

6 within said second intermediate server a reference to said group and the 

7 group's challenge key, so as to enable said user to access any data for 

8 which access has been authorized to said group. 

1 9. The method of any of claims 2, 3, 4, 5, 6, 7 or 8, wherein data transfer to 

2 and from said server is conducted in accordance with secure socket layer 

3 protocols. 

1 10. The method of any of claims 2, 3, 4, 5, 6, 7 or 8, wherein said server is a 

2 second intermediate server in a system comprising first and second inter- 

3 mediate servers adapted to perform the method of claim 1, and wherein 

4 data transfer to and from said second intermediate server is conducted 

5 through a first intermediate server in accordance with the method of claim 

6 1. 

1 11. The method of claim 1 or claim 10 wherein said identity server and said 

2 action server are implemented as processes or threads which may execute 

3 on the same or different computers. 

1 12. The method of claim 10 carried out in a distributed operating environment 

2 in which there are a plurality of users, a plurality of first intermediate serv- 

3 ers and a plurality of second intermediate servers, all communicating in ac- 

4 cordance with the method of claim 1 . 
1 



